Product

Protobufjs (>= 8.0.0, <= 8.0.1)

2 briefs RSS

protobuf.js Denial-of-Service Vulnerability via Unbounded Recursion (CVE-2026-44289)

protobuf.js is vulnerable to a denial-of-service (DoS) attack (CVE-2026-44289) due to unbounded recursion while decoding nested protobuf data, potentially leading to stack exhaustion and process crashes when processing crafted protobuf binary payloads.

protobufjs +1 denial of service CVE-2026-44289

2r 1t 1h ago

high advisory

protobuf.js Prototype Pollution Leads to Code Generation Gadget

2 rules

protobufjs versions 7.5.5 and earlier, as well as versions 8.0.0 through 8.0.1, are vulnerable to arbitrary JavaScript execution if Object.prototype has been polluted, allowing attackers to influence generated encode/decode functions.

protobufjs +1 prototype-pollution code-generation javascript

2r 1h ago